VARIoT IoT vulnerabilities database

VAR-201901-1024 CVE-2018-4194 Multiple Apple products out-of-bounds read vulnerability CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
In iOS before 11.4, iCloud for Windows before 7.5, watchOS before 4.3.1, iTunes before 12.7.5 for Windows, and macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation. Multiple Apple products have an out-of-bounds read flaw due to incomplete processing related to input validation. Information may be obtained or altered, and service operation may be disrupted (DoS)
VAR-201901-1023 CVE-2018-4189 Memory corruption vulnerability in multiple Apple products CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
In iOS before 11.2.5, macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, watchOS before 4.2.2, and tvOS before 11.2.5, a memory corruption issue exists and was addressed with improved memory handling. Multiple Apple products have a memory corruption vulnerability due to incomplete memory handling. Memory corruption is possible
VAR-201901-1022 CVE-2018-4186 Safari Information disclosure vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
In Safari before 11.1, an information leakage issue existed in the handling of downloads in Safari Private Browsing. This issue was addressed with additional validation. Apple Safari is a web browser developed by Apple, and is the default browser included with Mac OS X and iOS operating systems. An attacker could exploit this vulnerability to disclose information
VAR-201901-1021 CVE-2018-4185 Information disclosure vulnerability in multiple Apple products CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
In iOS before 11.3, tvOS before 11.3, watchOS before 4.3, and macOS before High Sierra 10.13.4, an information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling. Multiple Apple products contain a vulnerability in state processing that allows information to be disclosed. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system; watchOS is a smart watch operating system; macOS High Sierra is a dedicated operating system developed for Mac computers. Kernel is one of the kernel components. An attacker could exploit this vulnerability with a malicious application to determine the kernel memory layout
VAR-201901-1016 CVE-2018-4179 macOS High Sierra smart card PIN processing vulnerability CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
In macOS High Sierra before 10.13.4, there was an issue with the handling of smartcard PINs. This issue was addressed with additional logic. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple for Mac computers. Local Authentication is one of the local authentication components. A local attacker could exploit the vulnerability to view sensitive user information
VAR-201901-1015 CVE-2018-4169 macOS High Sierra Out-of-bounds reading vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, an out-of-bounds read was addressed with improved input validation. Android is a Linux-based open source operating system developed by Google and the Open Handheld Alliance (OHA). An attacker could exploit this vulnerability to execute arbitrary code with kernel privileges
VAR-201901-1014 CVE-2018-4147 Multiple memory corruption vulnerabilities in multiple Apple products CVSS V2: 6.8
CVSS V3: 9.8
Severity: CRITICAL
In iCloud for Windows before 7.3, Safari before 11.0.3, iTunes before 12.7.3 for Windows, and iOS before 11.2.5, multiple memory corruption issues exist and were addressed with improved memory handling. Multiple Apple products have multiple memory corruption vulnerabilities due to flaws in memory handling. Memory corruption is possible. Apple iOS, Safari and iCloud for Windows are all products of Apple. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. iCloud for Windows is a cloud service based on the Windows platform. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of several Apple products. An attacker using maliciously crafted website content could exploit this vulnerability to execute arbitrary code (memory corruption)
VAR-201901-1013 CVE-2018-4217 macOS High Sierra Privacy vulnerabilities CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
In macOS High Sierra before 10.13.5, a privacy issue in the handling of Open Directory records was addressed with improved indexing. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple for Mac computers. Identity Services is one of the identity authentication service components. An attacker could exploit this vulnerability with a malicious application to gain access to a local user's Apple ID
VAR-201901-1005 CVE-2018-4258 macOS High Sierra Vulnerable to buffer overflow CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved bounds checking. Apple macOS High Sierra is a dedicated operating system developed by Apple for Mac computers. AppleGraphicsControl is one of the integrated graphics drivers. An attacker could exploit this vulnerability to execute arbitrary code with kernel privileges
VAR-201901-1004 CVE-2018-4257 macOS High Sierra Vulnerable to buffer overflow CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved size validation. Apple macOS High Sierra is a dedicated operating system developed by Apple for Mac computers. AppleGraphicsPowerManagement is one of the graphics card power management components. An attacker could exploit this vulnerability to execute arbitrary code with kernel privileges
VAR-201901-1003 CVE-2018-4256 macOS High Sierra Out-of-bounds reading vulnerability CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
In macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple for Mac computers. AMD is one of the AMD product components. A local attacker could exploit this vulnerability to read kernel memory
VAR-201901-1002 CVE-2018-4255 macOS High Sierra Out-of-bounds reading vulnerability CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
In macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple for Mac computers. AMD is one of the AMD product components. A local attacker could exploit this vulnerability to read kernel memory
VAR-201901-1001 CVE-2018-4254 macOS High Sierra Input validation vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
In macOS High Sierra before 10.13.5, an input validation issue existed in the kernel. This issue was addressed with improved input validation. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple for Mac computers. AMD is one of the AMD product components. An attacker could exploit this vulnerability to execute arbitrary code with kernel privileges
VAR-201901-0431 CVE-2017-2411 iOS Vulnerabilities related to security functions CVSS V2: 4.3
CVSS V3: 5.9
Severity: MEDIUM
In iOS before 11.2, exchange rates were retrieved from HTTP rather than HTTPS. This was addressed by enabling HTTPS for exchange rates. Apple iOS is an operating system developed by Apple for mobile devices. Calculator is one of the calculator components. A security vulnerability exists in the Calculator component of Apple's iOS prior to 11.2. An attacker could exploit this vulnerability to change currency exchange rates
VAR-201901-0429 CVE-2017-13891 iOS User interface vulnerability CVSS V2: 4.3
CVSS V3: 6.5
Severity: MEDIUM
In iOS before 11.2, an inconsistent user interface issue was addressed through improved state management. Apple iOS is an operating system developed by Apple for mobile devices. SafariViewController is one of the web browser components. A security vulnerability exists in the SafariViewController component in Apple iOS versions prior to 11.2. An attacker can use this vulnerability to forge the content of the address bar by using a malicious website
VAR-201901-0428 CVE-2017-13889 macOS High Sierra Vulnerabilities related to authorization, permissions, and access control CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, a logic error existed in the validation of credentials. This was addressed with improved credential validation. macOS High Sierra has vulnerabilities related to authorization, permissions, and access control due to a lack of processing related to credential verification. Information may be obtained or altered, and service operation may be disrupted (DoS). Apple macOS High Sierra is a set of dedicated operating systems developed by Apple for Mac computers. Security is one of the security components. An attacker could exploit this vulnerability to bypass administrator authentication (without requiring an administrator password)
VAR-201901-0427 CVE-2017-13888 iOS type confusion vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
In iOS before 11.2, a type confusion issue was addressed with improved memory handling. Apple iOS is an operating system developed by Apple for mobile devices. ReplayKit is one of the screen recording components. An attacker could exploit this vulnerability to prevent users from controlling their screencasts
VAR-201901-0426 CVE-2017-13887 Logic vulnerability in APFS in macOS High Sierra CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
In macOS High Sierra before 10.13.2, a logic issue existed in APFS when deleting keys during hibernation. This was addressed with improved state management. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple for Mac computers. APFS is one of the Apple device-specific file system components. There is a security vulnerability in the APFS component in Apple macOS High Sierra version 10.13.1. The vulnerability stems from the fact that the APFS encryption key may not be safely deleted after hibernation. Currently there is no information about this vulnerability; please keep an eye on CNNVD or vendor announcements
VAR-201901-0425 CVE-2017-13886 macOS High Sierra Privileged WiFi Access vulnerability in system settings CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
In macOS High Sierra before 10.13.2, an access issue existed with privileged WiFi system configuration. This issue was addressed with additional restrictions. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple for Mac computers. Wi-Fi is one of the wireless Internet access components. Attackers can use this vulnerability to change WiFi system parameters, resulting in denial of service
VAR-201901-0388 CVE-2016-7576 iOS Memory corruption vulnerability CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
In iOS before 9.3.3, a memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. Apple iOS is an operating system developed by Apple for mobile devices. GasGauge is one of the battery fuel gauge components. A security vulnerability exists in the GasGauge component of Apple iOS prior to 9.3.3. An attacker could exploit this vulnerability with a malicious application to execute arbitrary code with kernel privileges (kernel corruption)